Torchwood
Torchwood is ransomware that runs on Microsoft Windows. It is aimed at Russian-speaking users.

Payload Transmission

Torchwood is distributed by attackers who break in through insecure RDP configurations on legacy Windows Server systems using hacking tools. It can also be spread through email spam and malicious attachments, deceptive downloads, botnets, exploits, web injects, fake updates, and repackaged or infected installers.

Infection

Torchwood carries out its attack quickly and uses AES-256 encryption to make the victim's files inaccessible. It targets a wide variety of user-generated files, which may include numerous media, document, configuration, database and other files. The file types targeted by threats like Torchwood include:

.ebd, .jbc, .pst, .ost, .tib, .tbk, .bak, .bac, .abk, .as4, .asd, .ashbak, .backup, .bck, .bdb, .bk1, .bkc, .bkf, .bkp, .boe, .bpa, .bpd, .bup, .cmb, .fbf, .fbw, .fh, .ful, .gho, .ipd, .nb7, .nba, .nbd, .nbf, .nbi, .nbu, .nco, .oeb, .old, .qic, .sn1, .sn2, .sna, .spi, .stg, .uci, .win, .xbk, .iso, .htm, .html, .mht, .p7, .p7c, .pem, .sgn, .sec, .cer, .csr, .djvu, .der, .stl, .crt, .p7b, .pfx, .fb, .fb2, .tif, .tiff, .pdf, .doc, .docx, .docm, .rtf, .xls, .xlsx, .xlsm, .ppt, .pptx, .ppsx, .txt, .cdr, .jpe, .jpg, .jpeg, .png, .bmp, .jiff, .jpf, .ply, .pov, .raw, .cf, .cfn, .tbn, .xcf, .xof, .key, .eml, .tbb, .dwf, .egg, .fc2, .fcz, .fg, .fp3, .pab, .oab, .psd, .psb, .pcx, .dwg, .dws, .dxe, .zip, .zipx, .7z, .rar, .rev, .afp, .bfa, .bpk, .bsk, .enc, .rzk, .rzx, .sef, .shy, .snk, .accdb, .ldf, .accdc, .adp, .dbc, .dbx, .dbf, .dbt, .dxl, .edb, .eql, .mdb, .mxl, .mdf, .sql, .sqlite, .sqlite3, .sqlitedb, .kdb, .kdbx, .1cd, .dt, .erf, .lgp, .md, .epf, .efb, .eis, .efn, .emd, .emr, .end, .eog, .erb, .ebn, .ebb, .prefab, .jif, .wor, .csv, .msg, .msf, .kwm, .pwm, .ai, .eps, .abd, .repx, .oxps, .dota.

Torchwood marks the files encrypted in its attack by adding a new extension to the victim's files.
Torchwood uses several different file extensions in its attack: .torchwood, .TORCHWOOD and .TRCHWD.

Torchwood delivers a ransom note written in Russian named 'ИНСТРУКЦИЯ.txt' (INSTRUCTIONS.txt). Translated from Russian into English, the note reads:

Attention! If you read this message, then you already guessed that there is something wrong with the computer. We are obliged to inform you about not the most pleasant news: All your information (documents, databases, backups and other files) on this computer has been encrypted. All encrypted files have the extension .TORCHWOOD

This encoder is completely crack-resistant, so you can restore files only by having a unique decoder for your PC. Changing the operating system, installing antivirus software and contacting decryption specialists will only take your time. Without a decoder this problem will not be solved by any system administrator in the world.

Just in case, we warn: Do not change files and do not use other decoders, otherwise, you can lose your data forever. If you still want to try to solve the problem yourself, then do it on a copy so that later there are no claims to us.

To find out how to get the decoder, write us an email to torchwood0000@yandex.com
Please duplicate all your emails to the address - torchwood@66.ru
If we did not respond within 6 hours, please resend the email.
In the letter, enter the number - ID or paste the text from the file INSTRUCTION_PROFILING_FILE.txt
In the reply email, you will receive all instructions.
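
The file markers described above (the three added extensions and the ransom note name) can be used to scope an incident on a file share. The following triage sketch is an added example, not part of the original article; it assumes the marker is appended after the original extension (for example report.docx.TORCHWOOD), and the function names and sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Indicators taken from the article: added extensions and ransom note name.
MARKER_EXTS = {".torchwood", ".trchwd"}  # compared case-insensitively
NOTE_NAME = "ИНСТРУКЦИЯ.txt".casefold()

def scan(root):
    """Walk root; return {dir: {"encrypted": n, "note": bool, "orig_exts": Counter}}."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        hits, note, orig = 0, False, Counter()
        for name in files:
            p = Path(name)
            if name.casefold() == NOTE_NAME:
                note = True
            elif p.suffix.casefold() in MARKER_EXTS:
                hits += 1
                # Assumption: the marker is appended, so the suffix before it
                # is the original file type (useful for restore planning).
                orig[Path(p.stem).suffix.casefold() or "(none)"] += 1
        if hits or note:
            report[os.path.relpath(dirpath, root)] = {
                "encrypted": hits, "note": note, "orig_exts": orig}
    return report

def build_sample_tree(root):
    """Constructed sample data: empty files named the way the article describes."""
    layout = {
        "docs": ["report.docx.TORCHWOOD", "budget.xlsx.torchwood", "ИНСТРУКЦИЯ.txt"],
        "db": ["base.1cd.TRCHWD", "notes.txt"],
        "clean": ["photo.jpg", "torchwood_fanfic.txt"],  # must not be flagged
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for n in names:
            Path(root, sub, n).touch()

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan(tmp)

if __name__ == "__main__":
    for d, info in sorted(demo().items()):
        print(d, info["encrypted"], info["note"], dict(info["orig_exts"]))
```

Directories that contain the note but no marked files, or marked files but no note, are both reported, since either one alone is worth an analyst's attention.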